[El-errata] New Ksplice updates for UEKR2 2.6.39 on OL5 and OL6 (ELSA-2018-4041)

Errata Announcements for Oracle Linux el-errata at oss.oracle.com
Wed Feb 28 19:55:23 PST 2018


Synopsis: ELSA-2018-4041 can now be patched using Ksplice
CVEs: CVE-2017-14106 CVE-2017-16529 CVE-2017-16531 CVE-2017-2647 CVE-2017-7482 CVE-2017-8824

Users with Oracle Linux Premier Support can now use Ksplice to patch
against the latest Oracle Linux Security Advisory, ELSA-2018-4041.

INSTALLING THE UPDATES

We recommend that all users of Ksplice Uptrack running UEKR2 2.6.39 on
OL5 and OL6 install these updates.

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.

Alternatively, you can install these updates by running:

# /usr/sbin/uptrack-upgrade -y
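The following shell helpers are an added example, not part of this announcement or of the Ksplice tooling. They decide whether a host needs the manual uptrack-upgrade run (autoinstall not enabled in /etc/uptrack/uptrack.conf) and, after the update, check that every CVE listed in this advisory appears in the installed-update list. It assumes that the output of uptrack-show names the CVE IDs in its update descriptions; the sample config and sample uptrack-show output used below are constructed.

```shell
#!/bin/sh
# Added example (not from the advisory): check Ksplice autoinstall state and
# verify ELSA-2018-4041 coverage on an Uptrack host.

# CVE IDs from the advisory header.
ADVISORY_CVES="CVE-2017-14106 CVE-2017-16529 CVE-2017-16531 CVE-2017-2647 CVE-2017-7482 CVE-2017-8824"

# Returns 0 when the config enables autoinstall. Tolerates whitespace around
# '=' and ignores commented-out lines; assumes the key is spelled "autoinstall".
uptrack_autoinstall_enabled() {
    conf="$1"
    [ -r "$conf" ] || return 1
    grep -Eiq '^[[:space:]]*autoinstall[[:space:]]*=[[:space:]]*yes[[:space:]]*$' "$conf"
}

# Print, one per line, the advisory CVEs that do not appear in the given file
# (intended to be saved output of `uptrack-show`). No output means every CVE
# in the advisory is covered by an installed update.
missing_cves() {
    show_output="$1"
    for cve in $ADVISORY_CVES; do
        grep -q -- "$cve" "$show_output" || echo "$cve"
    done
}

# Stand-alone use on a real host (skipped silently where Uptrack is absent).
if [ -r /etc/uptrack/uptrack.conf ]; then
    if uptrack_autoinstall_enabled /etc/uptrack/uptrack.conf; then
        echo "autoinstall is enabled; no manual action needed"
    else
        echo "autoinstall is off; run: /usr/sbin/uptrack-upgrade -y"
    fi
fi
if command -v uptrack-show >/dev/null 2>&1; then
    show_file=$(mktemp)
    uptrack-show > "$show_file"
    if [ -n "$(missing_cves "$show_file")" ]; then
        echo "not yet covered by installed updates:"
        missing_cves "$show_file"
    else
        echo "all ELSA-2018-4041 CVEs are covered"
    fi
    rm -f "$show_file"
fi
```

Run it after uptrack-upgrade (or after the next autoinstall cycle); any CVE printed by missing_cves is one the host is still exposed to and warrants a look at uptrack-show for a held or failed update.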


DESCRIPTION

* CVE-2017-8824: Privilege escalation when calling the connect() system call on a DCCP socket.

A missing free when the connect() system call is invoked on a DCCP socket
that is in the DCCP_LISTEN state could lead to a use-after-free. A local
attacker could use this flaw to escalate privileges.


* CVE-2017-16531: Out-of-bounds access in USB configuration parsing.

A failure to correctly validate a USB interface association descriptor can
result in an out-of-bounds memory access. An attacker with a crafted USB
device could use this flaw to cause a denial-of-service.


* CVE-2017-16529: Out-of-bounds access when parsing corrupted descriptors in USB audio.

A failure to validate descriptors supplied by a USB audio device can
result in an out-of-bounds memory access. An attacker with a crafted USB
device could use this flaw to cause a denial-of-service.


* Use-after-free on USB serial console setup failure.

A failure to handle an error during USB serial console setup can lead to
a use-after-free.


* NULL pointer dereference when listing connected NFS clients.

When listing connected NFS clients, the RPC client object pointer is
dereferenced without checking the status of the client. If the client is
uninitialized, the pointer may be NULL, causing a NULL pointer
dereference and denial-of-service.


* Data corruption when trimming OCFS2 filesystem.

A bug in the implementation of FITRIM ioctl in OCFS2 could result in
data corruption when trimming the filesystem. The resulting corruption
cannot be fixed using fsck.


* CVE-2017-7482: Memory corruption when decoding a Kerberos 5 ticket.

A boundary condition error when decoding Kerberos 5 tickets used as RxRPC
keys leads to a local buffer overflow. This could lead to memory
corruption and possible privilege escalation.


* CVE-2017-14106: Divide-by-zero on TCP disconnect.

A missing initialization of the TCP Maximum Segment Size (MSS) to the
minimum authorized MSS value could lead to a division by zero on TCP
disconnect. A local user could use this flaw to cause a denial-of-service.


* Updated fix for CVE-2017-2647: Denial-of-service when invoking the request_key() system call.

A missing check in the request_key() system call could lead to a NULL
pointer dereference. A local unprivileged user could use this flaw to
cause a denial-of-service.

SUPPORT

Ksplice support is available at ksplice-support_ww at oracle.com.
